ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere DataPower » digital signature question

Post new topic  Reply to topic
 digital signature question « View previous topic :: View next topic » 
Author Message
George Carey
PostPosted: Thu May 03, 2012 1:28 pm    Post subject: digital signature question Reply with quote

Knight

Joined: 29 Jan 2007
Posts: 500
Location: DC

As part of a Data Power digital signature, there is a timestamp with elements creation date/time and expires date/time . I believe the default value of 5 minutes is the normal delta between create and expires time.

Question(s): Does a receiving DP device ... processing the Digital signature signed by the sender (another Data Power) fail if the expired time on the signature is reached or exceeded? Does this expiration time have to be enforced or can it be ignored(or treated as a warning) via a DataPower setting of some kind to allow the message to be processed anyway ?

Regards,
GTC
_________________
"Truth is ... grasping the virtually unconditioned",
Bernard F. Lonergan S.J.
(from book titled "Insight" subtitled "A Study of Human Understanding")
Back to top
View user's profile Send private message Visit poster's website AIM Address
fjb_saper
PostPosted: Thu May 03, 2012 4:10 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20695
Location: LI,NY

Can you be more specific when you refer to DataPower's digital signature?
5 mins sounds excessively short. Usually a CA cert is valid for a year...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
George Carey
PostPosted: Fri May 04, 2012 3:42 pm    Post subject: Not the Cert itself Reply with quote

Knight

Joined: 29 Jan 2007
Posts: 500
Location: DC

No not talking about the Cert itself ... yes that is normally 1-3 years.

I mean an actual XML message's signature that gets a timestamp as part of the XML digital signature protocol ...

The timestamp has a create date/time and expries date/time associated with the signature and that is typically 5 minutes ... basically a time to live delta for the signature.

With that ... then my original question.

GTC
_________________
"Truth is ... grasping the virtually unconditioned",
Bernard F. Lonergan S.J.
(from book titled "Insight" subtitled "A Study of Human Understanding")
Back to top
View user's profile Send private message Visit poster's website AIM Address
fjb_saper
PostPosted: Sat May 05, 2012 1:23 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20695
Location: LI,NY

you did not specify, what kind of cert are you using to sign the message.
DP is a little bit "quirky" with it's own certs. If it is a CA signed cert this sounds strange and certainly worthy of a PMR...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
sumit
PostPosted: Wed May 16, 2012 2:26 am    Post subject: Reply with quote

Partisan

Joined: 19 Jan 2006
Posts: 398

Open the 'Sign' action window of your rule and select the 'Advance' tab. A property here is 'Timestamp Expiration Override Period'. To me this looks like the key.
5 mins as you mentioned is the default time.
_________________
Regards
Sumit
Back to top
View user's profile Send private message Yahoo Messenger
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere DataPower » digital signature question
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.